As the cloud continues to adopt the acceleration, are the questions facing safety teams: Where are our sensitive data? Who can access it? Do we do enough to protect it?
To help answer these questions, Wiz Research has analyzed hundreds of thousands of cloud accounts across institutions of all sizes. The resulting report knocks – data security snapshot: current exposure trends – the most common risk of exposure to data and misuse today, with a sharp focus on the place where toxic groups create from access and real risks.
Here's a preview of what we found.
Virtual devices and cases without a server are often an essential part of the cloud infrastructure – often surprising, and they are exposed to the general Internet while containing sensitive data. We have found that 54 % of cloud environments have been exposed to VMS and cases without a server containing sensitive information such as PII or payment data.
More than that is: 35 % of cloud environments have VMS or counterparts without a server that offer sensitive data and are vulnerable to high or critical threats.
This is not just the formation of poor composition-it is an opportunity to significantly reduce the potential of breach by targeting high overlap affect exposure and exploitation.
The resources that can be accessed for the public are a natural part of cloud processes. But 72 % of cloud environments have publicly exposed Paas databases that lack access to access controls, which raises the risk that sensitive data can be inadvertently exposed. With the correct context, the difference can differentiate between acceptable public assets and those that pose a real threat – and give priority to take accordingly.
Despite the years of innovation in container safety, 12 % of cloud environments still have containers exposed to the public and exploitation through known weaknesses.
It is a reminder that continuous monitoring and good hygiene are necessary even in the most mature cloud environments.
Poor behavior, exposure, and excessive application accounts are still common. But it is not inevitable. By focusing on the correct context – what is exposed, what is weak, and what is sensitive – security teams can advance on possible accidents and build a more flexible cloud environment.
Explore the full report to learn how to use DSPM safety teams to convert visibility into work, and the risks of results.
